Hello

I am trying to get filename (name.exe) from a full path (dir + filename) from windows folders, ex:

C:\dir1\dir2\filename.ext

using code as below:

index = os_sysmon NOT Image="*Sysmon*" EventCode=1
| rex field=Image "Executable=(?P<Executable>[^\\\]+)$"
| table Image Executable

Problem:
Executable always empty

Can you please advise?

best regards
Altin